Document Download

Document Download

The Autoform Document Download interface is used to download a document stored in the Autform DM Archive and display this to the user directly from T24 Browser.

Overview

The Document Download interface works together with the NoFile, providing the functionality to securely download a document held in the Autoform DM Archive. The NoFile provides a list of documents; the Document Download then retrieves the actual document.

Provided Components

Two distributable are provided for the Document Download functionality for different situations:

• efs-securedocumentdownload-4.*.jar - custom InputStreamProvider implementation for installation into tocfee.ear.

• efs-documentdownloadbrowser-4.*.jar - custom servlet for installation into BrowserWeb.war (recommended).

This guide contains instructions on how to install and configure both of these options depending on your needs.

Configuration

Once you have selected which of the two options (tocfee or BrowserWeb) you are using, you must first configure the integration with the Autoform DM details. Follow these steps to do so:

1. Open the .jar file you have chosen.

2. Update the .properties file with the correct DM URL/credentials.

3. Save the changes back into the .jar file.

When using the tocfee approach where multiple instances of DM are configured, each set of properties should have a prefix such as:

live.dm.url=http://192.168.100.1/pdm/servlet/TemenosDocumentDownloadServlet

live.dm.username=admin

live.dm.password=password1

live.dm.retries=3

live.dm.wait.time=3

live.dm.error.pdf=true

test.dm.url=http://192.168.100.2/pdm/servlet/TemenosDocumentDownloadServlet

test.username=admin

test.dm.password=password2

test.dm.retries=3

test.dm.wait.time=3

test.dm.error.pdf=true

Temenos Installation

The jar installation depends on which distribution is being used.

Tocfee - Update tocfee.ear/tocfplugin-ra.rar/tcserver.xml

1. Copy efs-securedocumentdocument-4.*.jar to tocfee.ear/tocfplugin-ra.rar/.

2. Locate the downloadChannel configured within tcserver.xml.

3. Ensure the pdf downloadChannel is active.

4. Ensure the configured port corresponds to the port defined within BrowserWeb.war/WEB-INF/classes/channels.xml.

5. Update the StreamProvider to com.efstech.temenos.inputstreamprovider.SecureDocumentDownload:

<LISTENER id="downloadChannel" type="tcp" active="true">
  <ADAPTERID>pdf</ADAPTERID>
  <PORT>8084</PORT>
  <UPLOAD_PATH>C:\Temenos\ModelBank-R13\T24\Common\SecureDocs\Upload</UPLOAD_PATH>
  <DOWNLOAD_PATH></DOWNLOAD_PATH> _&lt;!-- used as a prefix for multiple DM properties --&gt;
  &lt;!-- the important bit for SDD --&gt;_
  <STREAM_PROVIDER>
    com.efstech.temenos.inputstreamprovider.SecureDocumentDownload
  </STREAM_PROVIDER>
</LISTENER>

6. Save the changes to TOCFEE.EAR.

Note

DOWNLOAD_PATH is the prefix that is used for a DM instance. In the configuration above we have one instance with live prefix and one with test prefix. The DOWNLOAD_PATH should be empty if no prefix has been used or contain for the example configuration either 'live' or 'test'.

BrowserWeb - Update BrowserWeb.war/WEB-INF/web.xml

The option to install the download to BrowserWeb was added in version 4.3.0.

1. Copy efs-documentdownloadbrowser-4.*.jar to BrowserWeb/WEB-INF/lib/.

2. Locate the DocumentService servlet entry, for instance, DocumentService.

3. Update the servlet class to com.efstech.temenos.downloadbrowser.DocumentDownloadBrowserServlet.

<servlet>
<servlet-name>DocumentService</servlet-name>
<display-name>DocumentService</display-name>
<servlet-class>

com.efstech.temenos.downloadbrowser.DocumentDownloadBro
wserServlet
</servlet-class>
</servlet>

From version 4.4.0, additional parameters can also be set on the servlet above, which are passed across for Auditing in Autoform DM:

<!-- [OPTIONAL]
     The name of the session attribute containing the name of the user signed into Browser.
     Used for DM auditing.
     DEFAULT: BrowserSignOnName -->
<!--
<init-param>
    <param-name>t24.session.username.attr</param-name>
    <param-value>BrowserSignOnName</param-value>
</init-param>
-->
 
<!-- [OPTIONAL]
     The name of the session attribute containing the ip address of the user signed into Browser.
     Used for DM auditing.
     DEFAULT: BrowserClientIpAddress -->
<!--
<init-param>
    <param-name>t24.session.ip.address.attr</param-name>
    <param-value>BrowserClientIpAddress</param-value>
</init-param>
-->

Uncommenting the above parameters and ensuring the param-value's match those in T24 BrowserWeb will ensure they are passed across correctly.

If the default parameter names are not valid, you will see WARN logging such as:

Warning

Browser username is not present in session attribute and Browser Client IP address is not present in session attribute.

To determine the correct parameter names, TRACE logging should be enabled for the class com.efstech.temenos.common.UserContextEnricher. Once this is done, every session attribute will be logged:

Found session attribute =

This can be used to find the right attributes and update the web.xml. After this, ensure that the trace logging is turned off.

Logging

Tocfee

Debugging is configured in tocfee.ear\lib\tocfee-log4j.jar\log4j.xml by setting the com.efstech category to DEBUG.

BrowserWeb

Debugging is configured in BrowserWeb.war\WEB-INF\classes\log4j.properties (or jboss-specific log config file) by setting the com.efstech category to DEBUG.

Password Encryption

Use CLI to Encrypt Passwords

The DM password for all integrations can be encrypted using the CLI for our crypto-utils library by following these steps:

1. Obtain the CLI jar from the interfaces release package. It should be named crypto-utils-1.0.0-cli.jar or similar.

2. Run the jar file as java -jar crypto-utils-1.0.0-cli.jar encrypt. For instance, to use the key MyKey to encrypt the DM password DM_PASS, you run it as: java -jar crypto-utils-1.0.0-cli.jar encrypt DM_PASS MyKey

3. The encrypted DM password is the output from the above command. It should be surrounded with ENC() and placed in the relevant properties file (for instance, NoFileEnquiry.properties) for the interfaces release jar. For example, dm.password=ENC(AX23DKJCL2LKJDLKJ436).

4. The encryption key (MyKey in this example) must be set as an environmental variable with the name EFS_T24_INTERFACES_KEY.  

Change the Encryption Profile

Both the CLI and the interfaces allow an alternative encryption profile to be selected if there is a perceived need to use something other than the default.

To do so, the name of the desired encryption profile should be passed to the CLI and the interface - if configured, these must match; otherwise, password decryption will fail.

For the CLI, the profile name can be selected by adding -c  to the end of the command. For the Interfaces, it is passed as the EncryptionConfig parameter.

The following are the possible profiles:

• pbkdf2hmacsha1withaes128cbc - the default profile, used if nothing explicitly set

• pbkdf2hmacsha1withaes256cbc - provides higher bit strength AES

The second profile provides higher strength AES, but this requires the environment to support this. A standard JDK will not support anything above 128bit without either the unlimited-strength JCE profile enabled  or a thirdparty library such as BouncyCastle. As such, it should only be used if required and with the understanding that additional work must be done to ensure the environment supports it.

Failure Behavior

When an issue occurs with the DM connection, an error PDF is now returned instead of an unusable PDF file.

This can be turned off by setting dm.error.pdf to false in the .properties file. The error PDF may also be replaced by replacing the error.pdf file inside the .jar file.